Discovering Cross Site Scripting (XSS) vulnerabilities

Today I wrote a simple Perl script to automatically discover XSS vulnerabilities in a web application.

This script can be improved to make it better suited to a web penetration test.

Here is the code:

#!/usr/bin/perl
use strict;
use LWP::Simple;

my ($url, $webpage, @webpage, @name, $result);

if (@ARGV < 1) {
    usage();
}

#Get web page specified by cmd
$webpage = get("http://" . $ARGV[0]);

#Split variable into an array
@webpage = split(/\n/, $webpage);

#Parsing Web Page to obtain names of "input type=text"
foreach (@webpage) {
    if ($_ =~ /input\stype="text"\sname="(\w{1,30})"/) {
        push(@name, $1);
    }
}

#Print found search box
if (@name) {
    print "I've found the following search box:\n";
    foreach (@name) {
        print "$_\n";
    }
    print "and I've discovered that:\n";

    #Automatically exploit search box to verify XSS vulnerabilities
    foreach (@name) {
        $result = get("http://" . $ARGV[0] . "?" . $_ . "=<script>alert('test_XSS')</script>");
        if ($result =~ /<script>alert\('test_XSS'\)<\/script>/) {
            print "$_ is vulnerable to XSS\n";
        }
        else {
            print "$_ isn't vulnerable to XSS\n";
        }
    }
}
else {
    print "I have not found search boxes in " . $ARGV[0] . "\n";
}

sub usage() {
    print "Usage: " . $0 . " <url>\n";
    print "Example: " . $0 . " ivanobinetti.com\n";
    exit;
}
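The check in the script above reports a field as vulnerable when the probe string comes back verbatim. The Perl below is an added illustration, not part of the original script: it separates the three outcomes a tester actually sees in a response (raw reflection, entity-encoded reflection, no reflection) and shows the server-side fix, an HTML output encoder, which is what turns the first outcome into the second. The sample responses are constructed inline and the sub names html_encode and reflection_kind are my own.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Minimal HTML output encoder: the server-side fix for reflected XSS.
# Every character that can break out of text or an attribute value is
# replaced by its entity, so a reflected probe comes back inert.
sub html_encode {
    my ($s) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Classify how a response reflects the probe string:
#   'raw'     -> probe appears verbatim (what the script above flags)
#   'encoded' -> probe appears only in entity-encoded form (mitigated)
#   'none'    -> probe does not appear at all
sub reflection_kind {
    my ($response, $probe) = @_;
    return 'raw'     if index($response, $probe) >= 0;
    return 'encoded' if index($response, html_encode($probe)) >= 0;
    return 'none';
}

# Constructed responses standing in for three servers answering the same
# query (not captured from any real site).
my $probe  = "<script>alert('test_XSS')</script>";
my %sample = (
    unsafe_server => "<p>Results for: $probe</p>",
    fixed_server  => "<p>Results for: " . html_encode($probe) . "</p>",
    silent_server => "<p>No results.</p>",
);

for my $name (sort keys %sample) {
    printf "%-14s %s\n", $name, reflection_kind($sample{$name}, $probe);
}
```

Running it prints `fixed_server encoded`, `silent_server none` and `unsafe_server raw`. Reporting the encoded case separately matters in a test: it tells you the parameter is reflected, so it is worth a second look with other contexts (attribute values, JavaScript strings), but that plain HTML injection is already blocked.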

Perl FTP client

I’ve written a simple FTP client in Perl which makes it possible to integrate FTP transfers into batch scripts.


#!/usr/bin/perl
use strict;
use warnings;
use Net::FTP;

#variables
my $server   = $ARGV[1];
my $user     = $ARGV[3];
my $password = $ARGV[5];
my $method   = $ARGV[7];
my $file     = $ARGV[9];

#input control
if (@ARGV < 10 || $ARGV[0] ne "-s" || $ARGV[2] ne "-u" || $ARGV[4] ne "-p" || $ARGV[6] ne "-m" || $ARGV[8] ne "-f") {
    usage();
}

#core code
my $ftp = Net::FTP->new($server, Debug => 0)
    or die "Cannot connect to $server: $@";
#note: the password must not be in single quotes, or the literal string '$password' is sent
$ftp->login($user, $password)
    or die "Cannot login ", $ftp->message;
if ($method eq "get") {
    $ftp->get($file)
        or die "get failed ", $ftp->message;
}
elsif ($method eq "put") {
    $ftp->put($file)
        or die "put failed ", $ftp->message;
}
else {
    usage();
}
$ftp->quit;

#sub called by the input control code
sub usage {
    print "[-] Usage: " . $0 . " -s <server> -u <user> -p <password> -m <method> -f <file>\n";
    print "[-] Example: " . $0 . " -s 127.0.0.1 -u user -p password -m get -f test.txt\n";
    exit;
}

Note 1. I’ve used the Net::FTP module, which can be installed simply by calling the “shell subroutine” with the following commands:

  1. perl -MCPAN -e shell
  2. install Net::FTP

Note 2. As you can imagine, this script is only a simple example and you can add more features to adapt it to your specific context.
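The script takes the password as a command-line argument, where it is visible to every local user in the process list and ends up in the shell history. As an added example (not the author's script), here is the same get/put logic with the options parsed by Getopt::Long, a core module, and the password read from an environment variable (FTP_PASSWORD, a name chosen here) or typed at a prompt; stty is assumed to be available, as on any Unix-like system.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Getopt::Long;
use Net::FTP;

# Parse options by name instead of by fixed argv position. The password is
# deliberately NOT an option: anything on the command line can be read by
# other local users via `ps`, so it comes from the FTP_PASSWORD environment
# variable (assumed name) or from an interactive prompt.
my %opt = (method => 'get');
GetOptions(
    's|server=s' => \$opt{server},
    'u|user=s'   => \$opt{user},
    'm|method=s' => \$opt{method},
    'f|file=s'   => \$opt{file},
) or usage();

usage() unless $opt{server} && $opt{user} && $opt{file};
usage() unless $opt{method} eq 'get' || $opt{method} eq 'put';

my $password = read_password();

my $ftp = Net::FTP->new($opt{server}, Debug => 0)
    or die "Cannot connect to $opt{server}: $@";
$ftp->login($opt{user}, $password)
    or die "Cannot login: ", $ftp->message;

if ($opt{method} eq 'get') {
    $ftp->get($opt{file}) or die "get failed: ", $ftp->message;
} else {
    $ftp->put($opt{file}) or die "put failed: ", $ftp->message;
}
$ftp->quit;

# Environment variable first (handy in batch jobs), otherwise prompt with
# terminal echo switched off so the secret is not displayed.
sub read_password {
    return $ENV{FTP_PASSWORD} if defined $ENV{FTP_PASSWORD};
    print STDERR "Password for $opt{user}\@$opt{server}: ";
    system('stty', '-echo');
    my $pw = <STDIN>;
    system('stty', 'echo');
    print STDERR "\n";
    chomp $pw if defined $pw;
    return $pw // '';
}

sub usage {
    print STDERR "Usage: $0 -s <server> -u <user> -m get|put -f <file>\n";
    print STDERR "The password is read from \$FTP_PASSWORD or prompted for.\n";
    exit 1;
}
```

Keep in mind that plain FTP still sends the user name, the password and the file contents in clear text on the wire; this change only keeps the secret off the command line and out of the shell history.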

 

Perl – How to make a DoS

The purpose of this simple Perl script is to test an application to understand whether it is vulnerable to DoS (Denial of Service) attacks.

You can specify the TCP port number, the IP address and the number of connections you want to send to your application.

#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket;

if (@ARGV < 3) {
    usage();
}

my $ip   = $ARGV[0];
my $port = $ARGV[1];
my $conn = $ARGV[2];

my $num = 0;
$| = 1;    # flush the progress dots immediately

print "I'm sending $ARGV[2] connection requests to port $ARGV[1]\n";

while ($num < $conn) {
    print ".";
    my $s = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port")
        || die "[-] Connection FAILED!\n";
    close($s);
    $num++;
}

print "\n Your $ARGV[2] connection requests have been done !\n";

sub usage {
    print "[-] Usage: <" . $0 . "> <host> <port> <num-conn>\n";
    print "[-] Example: " . $0 . " 127.0.0.1 21 1200\n";
    exit;
}

Perl – How to parse a web page

The following simple Perl script allows you to automatically search for some text, such as HTML links, in a web page:

#!/usr/bin/perl -w
use strict;

#this module allows to delete duplicate entries
use List::MoreUtils qw(uniq);

#this is the module to interact with the web page
use LWP::Simple;

#variables declaration
my @match;
my @match_uniq;
my $file = "<your temp file>";

#use the "get" method of the LWP::Simple module to fetch the page
my $webpage = get("http://<your url>");
die "Could not fetch the page\n" unless defined $webpage;

#write the web page into the file
open my $wh, '>', $file or die $!;
print $wh $webpage;
close $wh;

#put the file into an array to manipulate it
open my $rh, '<', $file or die $!;
my @file = <$rh>;
close $rh;

#search server names and push them into array @match
foreach (@file) {
    if (/https?:\/\/(\w+\.\w+\.\w+)/) {
        push(@match, $1);
    }
}

#remove duplicate entries
@match_uniq = uniq(@match);

#strip out "www."
foreach (@match_uniq) {
    s/www\.//g;
}
foreach (@match_uniq) {
    print "$_\n";
}
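The pattern \w+\.\w+\.\w+ only matches hosts made of exactly three labels of word characters, so a link to static-cdn.example.com or to example.com is silently skipped, and the round trip through a temp file is not needed to scan the text. The Perl below is an added example, not the original post's code: it collects the host of every absolute http(s) URL straight from the HTML string, normalises it and de-duplicates with a hash (so List::MoreUtils is not required). The HTML is constructed inline and unique_hosts is a name chosen here.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pull the host out of every absolute http(s) URL in a piece of HTML,
# normalise it (lower-case, no leading "www.", no trailing dot) and return
# the unique, sorted list. The character class accepts hyphens and any
# number of labels; the port (if any) is left out because ':' ends the match.
sub unique_hosts {
    my ($html) = @_;
    my %seen;
    while ($html =~ m{https?://([a-z0-9.-]+)}gi) {
        my $host = lc $1;
        $host =~ s/^www\.//;
        $host =~ s/\.$//;
        $seen{$host}++;
    }
    return sort keys %seen;
}

# Constructed HTML standing in for a fetched page (not a real site).
my $html = <<'HTML';
<a href="http://www.example.com/index.html">home</a>
<a href="https://static-cdn.example.com/app.js">js</a>
<a href="http://example.com:8080/api">api</a>
<img src="https://Example.COM/logo.png">
<a href="http://sub.domain.example.org/page">other</a>
HTML

print "$_\n" for unique_hosts($html);
```

On the sample above this prints example.com, static-cdn.example.com and sub.domain.example.org: the four spellings of example.com collapse into one entry, and the hyphenated CDN host is no longer lost.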

Perl – Shell Subroutine

How to use the Shell Subroutine to install a CPAN module simply

The simplest and quickest method to install a CPAN module is to use the Perl shell subroutine.
To run the shell subroutine from the command line, use:

# perl -MCPAN -e shell

This command runs Perl, loads the “CPAN” module into memory and runs its shell subroutine.

So to install, for example, the WWW::Mechanize module you simply have to execute:

cpan> install WWW::Mechanize

and the shell subroutine will connect to the CPAN website over the internet, download the module and install it automatically.

Perl hacks

How to replace a word recursively in a file

One of the most frequent tasks of a Linux engineer is to manipulate words within files. Often this can be accomplished with basic Linux tools like sed, awk and grep, chained together with a pipe (‘|’).
But suppose you would like to replace one, some or all occurrences of a word in a file, leaving the rest of the file untouched, and you want to do it from the command line without writing a dedicated script?

The answer is: “You can use Perl!”

Suppose you want to replace all the occurrences of the word ‘foo’ with the word ‘dog’ in the file ‘foo.txt’. At the command line you can write:

$ perl -p -i -e "s/foo/dog/g" foo.txt

-p: wraps the code in a while(<>){....} loop that reads the file line by line and prints each line after the code has run on it.
-i: without this option the command writes its output to the terminal; with it the output is written back to the file, so the file is edited in place.
-e: the option that specifies the code to run.

Simple, isn’t it?

Obviously, if you want to replace only the first occurrence of ‘foo’ on each line you need to delete the ‘g’ flag from the ‘s///’ operator.

The problem is: “ok, I’m able to replace one or all the occurrences of a word, but I would like to replace only some of them, when a particular condition is verified”.
The answer is: “don’t worry friend, you only need to use the ‘m//’ operator and a simple if condition within the perl command”. Suppose the condition is the presence of the word ‘animal’ on the same line. The command will be:

$ perl -p -i -e "s/foo/dog/g if m/animal/" foo.txt

To use this command to replace one, some or all the occurrences of a word in many files you can simply use this loop:


for file in $(find /…); do perl -p -i -e "s/foo/dog/g if m/animal/" "$file"; done


Enjoy this command!
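The -p and -i switches are shorthand for a while(<>) loop and the $^I in-place-edit variable. The script below is an added example, not from the original post: it performs the conditional replacement of the last one-liner from inside a Perl program, over several files at once, and keeps a .bak copy of each original (the same effect as writing -i.bak on the command line, which is the safer habit for in-place edits). The sample files are created in a scratch directory with File::Temp, a core module; replace_in_files is a name chosen here.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# What `perl -p -i.bak -e '...' FILES` does, written out as a sub:
# @ARGV holds the files, $^I the backup extension, and the while(<>) loop
# with a trailing print is the -p wrapper. Both variables are localised so
# the caller's @ARGV and normal (non in-place) printing are restored after.
sub replace_in_files {
    my ($from, $to, $only_if, @files) = @_;
    local @ARGV = @files;
    local $^I   = '.bak';
    while (<>) {
        s/\Q$from\E/$to/g if /\Q$only_if\E/;   # \Q..\E: treat words literally
        print;
    }
}

# Constructed sample files in a scratch directory (removed on exit).
my $dir = tempdir(CLEANUP => 1);
for my $n (1, 2) {
    open my $fh, '>', "$dir/foo$n.txt" or die "$dir/foo$n.txt: $!";
    print $fh "foo is an animal\nfoo is not\n";
    close $fh;
}

replace_in_files('foo', 'dog', 'animal', glob("$dir/*.txt"));

# Show the result: only the line containing 'animal' was changed,
# and foo1.txt.bak / foo2.txt.bak hold the originals.
for my $f (sort glob("$dir/*.txt")) {
    open my $fh, '<', $f or die "$f: $!";
    print "$f:\n", <$fh>;
    close $fh;
}
```

Each file ends up as "dog is an animal" followed by the untouched "foo is not", which is exactly what the one-liner with the if condition produces; the .bak copies are what you fall back on when a regex turns out broader than intended.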